COBIT Security Baseline: An Information Security Survival Kit, 2nd Edition. IT Governance Institute. An Information Security Survival Kit, IT Governance Institute, derived from COBIT: Board Briefing on IT Governance, 2nd Edition—designed to help executives.
Published (Last): 2 April 2012
PDF File Size: 6.29 Mb
ePub File Size: 20.54 Mb
Price: Free* [*Free Registration Required]
COBIT Security Baseline
If you need to open an e-mail attachment, save it and scan it with the antivirus software—and possibly disconnect from the network—before opening. CIOs, CFOs, security managers, auditors, and those involved in corporate and information technology (IT) governance are often overwhelmed by the many international standards and guidance for managing the IT function.
Although this guide is not exhaustive, if all the guidance provided is implemented, security protection will be well above the average found in most organisations. When was the latest policy statement issued on information security? Define a policy for what information can come into and go out of the organisation, and configure the network security systems accordingly, e.g.
Insist that management make security investments and security improvements measurable, and monitor and report on programme effectiveness.
Physical theft: Physical theft of a computer, of course, results in loss of confidentiality and availability, and, assuming the computer is ever recovered, makes the integrity of the data stored on the disk suspect. Make regular backups of data on removable media and store them away from the computer. Are risk assessments undertaken as needed, and with involvement of business users? Figure 14—Action List: Set up and execute a risk management programme that identifies threats, analyses vulnerabilities, assesses criticality and uses industry best practices for due care.
As always, the user should be wary of exchanging files with unknown parties. Common mitigation methods include using surge suppressors and uninterruptible power supplies (UPS).
Figure 16—Action List: Establish a security organisation and function that assists management in the development of policies and assists the enterprise in carrying them out. Ensure that archiving and backup procedures for critical information have been defined and implemented.
Consider testing how the security functions integrate with existing systems. The control practices provide the more detailed how and why needed by management, service providers, end users and control professionals to implement highly specific controls based on an analysis of operational and IT risks. Information Security Survival Kit 4—Executives: When using the Internet for business or personal reasons such as shopping, use only reputable suppliers and web sites.
Governance of IT Investments, a complimentary download at www. This type of attack causes the computer to crash or to become so busy processing data that the user is unable to use it. Ensure that a business continuity plan exists and has been regularly tested. Talk with children about some of the hazards that may affect them when using the Internet, and talk to them about acceptable use of the Internet.
Billions of IT investment dollars continue to be wasted each year due to poor alignment, oversight and control of information technology (IT). The widespread use of the Internet, handheld and portable computer devices, and mobile and wireless technologies has made access to data and information easy and affordable.
The document provides IT professionals and organisations with assessment ideas and approaches, IT control objectives mapped into COSO for disclosure and financial reporting purposes, and a clear road map to deal with the murkiness of these regulatory times.
Guidance for Boards of Directors and Executive Management, 2nd Edition, sponsored by Unisys and available as a complimentary download at www. Ensure that risks of dependency on security service providers have been assessed and mitigated.
Ensure that information security fits within the information security governance framework. Unprotected Windows networking shares: Intruders can exploit unprotected Windows networking shares in an automated way to place tools on large numbers of Windows-based computers attached to the Internet.
The non-profit association has released its guide. Mobile devices may pose the greatest threat to confidential information: mobile devices pose a significant threat of leaking confidential enterprise information, reveals an ISACA white paper.
New business model for information security: The non-profit association issued the Business Model for Information Security, available as a free download. Ensure that security is considered in job performance appraisals and results in appropriate rewards and disciplinary measures. In the ever-changing technological environment, security that is state-of-the-art today may be obsolete tomorrow.
How much is being spent on information security? Does management track its own progress on recommendations? Whether it occurs to a home user relying on home banking or an enterprise relying on online customers, an Internet security breach has a real and major impact. Ensure that a measurable and management-transparent security strategy is created based on benchmarking, maturity models, gap analysis and continuous performance reporting.
These standards include information security management, information security evaluation, authentication and authorisation, etc. Regulatory compliance is the top concern. The survey shows that there is a growing focus on enterprise-based IT management and IT governance. Ensure that the security baseline and vulnerabilities have been constantly assessed through monitoring of system weaknesses—intrusion detection, penetration and stress testing, and testing of contingency plans.
Control Objective: Acquire and maintain technology infrastructure. Consider security. While it is not exhaustive, it is indicative of the technical risks that all users might face today.
Appendix 5. Standards
A packet sniffer installed on any cable modem user's computer in a neighborhood may be able to capture data transmitted by any other cable modem in the same neighborhood. Ensure that information security is part of the overall IT life cycle. Ensure awareness of the need to protect information; provide training to operate information systems securely and to be responsive to security incidents. Ensure that applicable security measures have been identified and implemented, e.g.
Get advice on tools that can be used.
What information security awareness training has been established, and does it appear adequate considering the assessed risks? Although all stored data can become unavailable—if the media they are stored on are physically damaged, destroyed or lost—data stored on hard disks are at higher risk due to the mechanical nature of the device. Back door and remote administration programs: On computers using a Windows operating system, intruders commonly use three tools—Back Orifice, Netbus and SubSeven—to gain remote access to the computer.
The files attached to the e-mail messages sent by these viruses may appear to be harmless text. In most cases, the latest patches will prevent the attack. It is addressed to boards of directors, supervisory boards, audit committees, chief executive officers, chief information officers and other executive management, and is designed to help these individuals understand why IT governance is important, what its issues are and what their responsibility is for managing it.
Establish rules for authorising changes and for evaluating their security impact.
When depending on computers to do business, sign up for onsite support and ensure the availability of an on-call facility should anything go wrong.